Methods and Apparatus for Anonymous Key Management in Mobile Ad Hoc Networks

1. An apparatus comprising: at least one processor; memory storing a program of instructions; wherein the memory storing the program of instructions is configured to, with the at least one processor, cause the apparatus to at least: exchange, between a first user device and a second user device, couple identifiers to form a paired couple of user devices during a pairing procedure; derive a set of asymmetric couple pseudonyms based at least on the couple identifiers and a renewal key, wherein the paired couple of user devices are wireless devices belonging to a group communicating messages encrypted by a shared key in a mobile ad hoc network; and broadcast, by the first user device, at least one message to the group wherein the at least one message comprises an asymmetric couple pseudonym from the set of asymmetric couple pseudonyms identifying that the at least one message is intended for the second user device.

2. The apparatus of claim 1 , wherein the first user device is a group manager and the second user device is a group member.

3. The apparatus of claim 1 , wherein the memory storing the program of instructions is configured to, with the at least one processor, cause the apparatus to at least: derive a temporary couple encryption key based at least on the couple identifiers and a current time, and wherein the at least one broadcasted message is encrypted based on the temporary couple encryption key.

4. The apparatus of claim 3 , wherein the set of asymmetric couple pseudonyms and the temporary couple encryption key are changed at a same time after each of a sequence of defined time periods.

5. The apparatus of claim 1 , wherein the couple identifiers are defined so as to prevent deterministic verification that the asymmetric couple pseudonym is a valid asymmetric couple pseudonym of the couple of user devices sharing it.

6. The apparatus of claim 1 , wherein the at least one message comprises a new shared key for communicating messages with the group.

7. A method comprising: exchanging, between a first user device and a second user device, couple identifiers to form a paired couple of user devices during a pairing procedure; deriving a set of asymmetric couple pseudonyms based at least on the couple identifiers and a renewal key, wherein the paired couple of user devices are wireless devices belonging to a group communicating messages encrypted by a shared key; and broadcasting, by the first user device, at least one message to the group wherein the at least one message comprises an asymmetric couple pseudonym from the set of asymmetric couple pseudonyms identifying that the at least one message is intended for the second user device.

8. The method of claim 7 , wherein the first user device is a group manager and the second user device is a group member.

9. The method of claim 7 , the method further comprising deriving a temporary couple encryption based at least on the couple identifiers and a current time, and wherein the at least one broadcasted message is encrypted based on the temporary couple encryption key.

10. The method of claim 9 , wherein the set of asymmetric couple pseudonyms and the temporary couple encryption key are changed at a same time after each of a sequence of defined time periods.

11. The method of claim 7 , wherein the couple identifiers are defined so as to prevent deterministic verification that the asymmetric couple pseudonym is a valid asymmetric couple pseudonym of the couple of user devices sharing it.

12. The method of claim 7 , wherein the at least one message comprises a new shared key for communicating messages with the group.

13. A non-transitory computer-readable medium having computer program instructions stored thereon, which when executed by a device causes the device to perform at least: exchanging, between a first user device and a second user device, couple identifiers to form a paired couple of user devices during a pairing procedure; deriving a set of asymmetric couple pseudonyms based at least on the couple identifiers and a renewal key, wherein the paired couple of user devices are wireless devices belonging to a group communicating messages encrypted by a shared key; and broadcasting, by the first user device, at least one message to the group wherein the at least one message comprises an asymmetric couple pseudonym from the set of asymmetric couple pseudonyms identifying that the at least one message is intended for the second user device.

14. The non-transitory computer-readable medium of claim 13 , wherein the first user device is a group manager and the second user device is a group member.

15. The non-transitory computer-readable medium of claim 13 , the device is caused further to perform: deriving a temporary couple encryption based at least on the couple identifiers and a current time, and wherein the at least one broadcasted message is encrypted based on the temporary couple encryption key.

16. The non-transitory computer-readable medium of claim 15 , wherein the set of asymmetric couple pseudonyms and the temporary couple encryption key are changed at a same time after each of a sequence of defined time periods.

17. The non-transitory computer-readable medium of claim 13 , wherein the couple identifiers are defined so as to prevent deterministic verification that the asymmetric couple pseudonym is a valid asymmetric couple pseudonym of the couple of user devices sharing it.

18. The non-transitory computer-readable medium of claim 13 , wherein the at least one message comprises a new shared key for communicating messages with the group.